“The General Data Protection Regulation (GDPR) does not regulate pharma data per se but regulates what must and must not be done when working with personal data sets. In particular, health data, genetic data and biometric data are singled out as special categories of personal data attracting additional precautions because of their high-risk potential to infringe individuals’ rights or freedoms.

“However, it is not a piece of law that will automatically invalidate existing sector-specific laws, but it will work alongside any laws already applicable to pharma research: the effect is to “fill any gaps in between other laws”, so to speak. Thanks to the GDPR we will know how to handle personal data in all areas of research, whether previously regulated or not. What’s new, of course, is a mindset shift from believing that if a data use-case is not explicitly prohibited then we go ahead presuming it’s ok, to knowing that when a data set includes personal data like biometric, genetic and health data, it will need to be given the GDPR/Privacy-by-default treatment.

“So, a first reassurance I’d like to offer is that, even if national parliaments round the EU do not manage to incorporate the GDPR in their existing bodies of national law in time for the May 25th deadline, the black-on-white text of the GDPR will apply directly and will be your guide for any data research. It might make actual litigation slightly more difficult, as not all the legal procedures will be in place, but from a pharma researcher standpoint, rather than a litigator’s, overall the GDPR has been drafted clearly enough to allow it to dovetail with other sector-specific laws and rules.

“A second reassurance I’d like to offer is that the GDPR has been drafted with a number of clauses “suspending” some of the GDPR prohibitions in the context of public health and scientific research. Most areas of pharma research, in short, have little to fear from the GDPR. (See my presentation slides and sector reports).

“What will become important, however, is transparent accountability: the obligation to indicate - for any data record or data manipulation exercise - the legal basis or research-specific legal exception we rely on. Every data record and any data transformation must be accompanied, right from the start, by a description of: (1) its legal basis; (2) its purpose; (3) its retention period or timeframe; (4) its recipients/any parties it will be disclosed to; (5) whether individual profiling is carried out and its likely consequences for the individual.

“This accountability framework will turn out to be an important ally in what all other panelists see as critical investment in pharma data management: no longer a nice to have, a data architecture enabling excellent data lineage, purpose-driven data taxonomy and metadata management will double-up as an indispensable tool to demonstrate accountability to the data protection supervisory authorities as of May 25th.

“Real-world data and real-world evidence, however, deserve a special mention in the context of data-driven pharma innovation.

“The potential of vast troves of connected device data or social media feeds to yield pharmaceutical insights needs to be tempered with GDPR considerations about individuals’ awareness of any further uses their data is put to and understanding of which organisations it will be shared with. In most situations connected users are not intentionally donating their data to research. Until now the consumer IoT has been relying on opaque consent terms or authorisations to share data with generically described “trusted third parties”. The GDPR is a turning of the screw on these loose permission terms and will not grandfather the legality of legacy data sets if they have old-style permissions.

“Any real-world data sources pharma research relies on must be scrutinised for their potential to be, quite simply, obtained illegally.”

Her final sentence highlights a huge marketing consideration for providers within the pharmaceutical, biologics and medicine distribution markets.

In reaching out to potential future business clients, suppliers must ensure their data has been obtained legitimately. They will need to use credible data sources for lead lists.

Practices, in many companies, will need to be altered in order to protect data subjects.

Theoretically, one could assume that the reduction in marketing noise as a result of GDPR could spark higher conversion rates from compliant marketing efforts – due to the higher relevance of outreaches and the lower occurrence of data misuse.

Subscribe to our Free Newsletter

We respect your privacy, by clicking ‘SUBSCRIBE’ you agree to receive our e-newsletter, including information on Podcasts, Webinars, event discounts and online learning opportunities. For further information on how we process and monitor your personal data click here. You can unsubscribe at anytime.

FIND CONTENT BY TYPE

Pharma IQ COMMUNITY

ADVERTISE WITH US

Reach Pharmaceuticals & Biotechnology professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.

PLEASE ENTER YOUR EMAIL TO JOIN FOR FREE

Already an IQPC Community Member?Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.

We respect your privacy, by clicking ‘SUBSCRIBE’ you agree to receive our e-newsletter, including information on Podcasts, Webinars, event discounts and online learning opportunities. For further information on how we process and monitor your personal data click here. You can unsubscribe at anytime.